General

  • Target

    6eb118ec56eb43af883cc2029f5c0578b681d6cb47871cbadb290a5f5b0eb35c

  • Size

    486KB

  • Sample

    240620-ylcrjsvdrg

  • MD5

    c2b8ef494b3fe7ea3f21d3bb97d80bfb

  • SHA1

    774669fca4a453214c0907decc57b8a079165de5

  • SHA256

    6eb118ec56eb43af883cc2029f5c0578b681d6cb47871cbadb290a5f5b0eb35c

  • SHA512

    9a3ac6289b5fc9bbf8e91d133beac11f4e95416343c4920a9e0549bbf7526ee968a5f211d9dbf9e2809d369b6527848cb31da43a4b48cdbbef9ee3bf78250f33

  • SSDEEP

    6144:xWLAovSawIJWgiFEXmbxrM6y7gFFOKS9ssavei6OsUtvRMDEjoTI:kMmSawIJWgsEUyzDKVvP6lkGD

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

b2c2c1

C2

http://greendag.ru

Attributes
  • install_dir

    e221f72865

  • install_file

    Dctooux.exe

  • strings_key

    09a7af7983af08af50ea3f51a73065e9

  • url_paths

    /forum/index.php

rc4.plain

Targets

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks